Configure SystemEDGE Agent for SNMPv2c Polling and Traps
search cancel

Configure SystemEDGE Agent for SNMPv2c Polling and Traps

book

Article ID: 435312

calendar_today

Updated On:

Products

SystemEDGE Agent

Issue/Introduction

You need to configure the SystemEDGE agent for SNMPv2c polling and trap generation․​​​​​

CONTEXT: SystemEDGE requires specific configuration parameters to enable SNMPv2c and SNMPv3 functionality․

IMPACT: Incomplete configuration prevents monitoring and trap generation․

Environment

SystemEDGE: 6.x

Resolution

PREREQUISITES:

  • Administrator access

STEPS:

1․ Disable SNMPv1 TRAPS

Even though we are exclusively using SNMPv2c, the SystemEDGE v2c trap engine requires the community string to be initialized in the primary configuration file. We will also use this file to actively block SNMPv1 traps and polling.

  1. Open /opt/CA/SystemEDGE/config/port1691/sysedge.cf in a text editor.

  2. Disable SNMPv1 Traps: Search for any lines starting with trap_community (or the legacy trap command) and comment them out by adding a # at the beginning.

    Plaintext
    # trap_community public 192.168.1.10
# trap_community public 192.168.1.11

  3. Save and close sysedge.cf.

 

2․ CONFIGURE SNMPV2c POLLING

Despite what some sections of the Broadcom documentation imply about sysedgeV3.cf, the base community string for SNMPv2c polling must be defined in the primary sysedge.cf file. The v2c engine relies on this file to validate the community string.

  • File Location: sysedge.cf (usually in /opt/CA/SystemEDGE/config/port161/)

  • Directive: community <string> <access> [ip_addresses...]

The ACL Quirk: The documentation states that appending IP addresses to the community line in sysedge.cf only restricts SNMPv1 polling. However, you still must define the community string here for v2c to work.

 

What to add to sysedge.cf:

Plaintext
 
community public read-only 192.168.1.10 192.168.1.11

(Note: Even if the ACL behavior is technically limited to the v1 engine, defining the IPs here is best practice. To guarantee strict network-level restriction for v2c polling, the industry standard for SystemEDGE is to pair this configuration with local OS firewall rules—like iptables or firewalld—allowing UDP port 161 only from those two IPs).

 

3․ CONFIGURE SNMPV2c TRAPS

SNMPv2c trap destinations must be configured in the sysedgeV3.cf file. If you put them in sysedge.cf, they will be sent as legacy SNMPv1 traps.

  • File Location: sysedgeV3.cf  (in /opt/CA/SystemEDGE/config/)

  • Directive: SNMPV2_TRAP_INFO <destination_host>|<port> * <community>

  • Dependency: The community string you specify here must match the one you defined in sysedge.cf.

What to add to sysedgeV3.cf:

Plaintext
 
SNMPV2_TRAP_INFO 192.168.1.10|162 * public
SNMPV2_TRAP_INFO 192.168.1.11|162 * public

(Note the mandatory pipe | between the IP and port, and the asterisk * for the trap context).

Note: Only the content of the sysedgeV3.cf file will be encrypted.

 

3. Restart the SystemEDGE agent service to put the change in place

/opt/CA/SystemEDGE/bin/sysedgectl stop

/opt/CA/SystemEDGE/bin/sysedgectl start

 

VERIFY SUCCESS:

Stop/start the SystemEDGE agent service, it will send a cold startup alert to the SpectroSERVER host (as long as you have correctly configured the sysedgeV3.cf file).

/opt/CA/SystemEDGE/bin/sysedgectl stop

/opt/CA/SystemEDGE/bin/sysedgectl start

The SystemEDGE cold start trap will generate the 0x10306 event, see below:

Additional Information

Configuration Files

Access Lists for SNMPv1 Communities

Configure Access Communities

Configure SNMPv1 Trap Destinations

Configure SNMPv3 User Information

Configure SNMPv2c and SNMPv3 Trap Destinations

 

The sysedgeV3.cf is an encrypted file that contains SNMPv3 USM user and security information using the SNMP_V3_USER_INFO keyword. All arguments for this keyword must be on one line and in the specified order, which is separated by blank spaces.

NOTE: To update the SNMPV3 credentials, edit the sysedgeV3.cf file that is located at <installdir>/conf folder.

NOTE: Adding entries in the sysedgeV3.cf file that is located at <installdir>/conf/port<num> folder does not work.

By default, the file contains the encrypted username and password.

You can configure the sysedgeV3.cf file by adding the following SNMPv3 user information. Restart the agent after adding an SNMP user. The newly added entries are loaded into the system and are stored in encrypted form.

SNMP_V3_USER_INFO *|access[addresses] userName securityModel securityLevel [authProtocol authPassword [privProtocol privPassword]]

 

Powered by Wolken Software